3eb3b72914c651d93adfb6e82e2cd9efbec77117d18446b486b6e87db9630db6 | Triage

Sharing

General

Target

210366d4a3a26e2054f68303d496a7d7_JaffaCakes118
Size

384KB
Sample

240703-elr2pazhrp
MD5

210366d4a3a26e2054f68303d496a7d7
SHA1

ec1cd9889d6552ed7805f12dc9ca01e0a1aec6e8
SHA256

3eb3b72914c651d93adfb6e82e2cd9efbec77117d18446b486b6e87db9630db6
SHA512

e5d0751f9b453d4a19c74b494c67d48003528ba1356efb000c6e405526baf37dab7cc023749841b8b8f021199c249951d3732484e0ffab7410efb36fc995a8d4
SSDEEP

6144:pZ2XN0gD4kkgSpKZlC1CjB71Ma5OqqBNDiAtblmrvVTYrCu71ivm776s4HU3oNLI:zMl0BgS0Zo8lyQIBN2At5mrdT071iG7o

Score

8^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  210366d4a3a26e2054f68303d496a7d7_JaffaCakes118
- Size
  
  384KB
- MD5
  
  210366d4a3a26e2054f68303d496a7d7
- SHA1
  
  ec1cd9889d6552ed7805f12dc9ca01e0a1aec6e8
- SHA256
  
  3eb3b72914c651d93adfb6e82e2cd9efbec77117d18446b486b6e87db9630db6
- SHA512
  
  e5d0751f9b453d4a19c74b494c67d48003528ba1356efb000c6e405526baf37dab7cc023749841b8b8f021199c249951d3732484e0ffab7410efb36fc995a8d4
- SSDEEP
  
  6144:pZ2XN0gD4kkgSpKZlC1CjB71Ma5OqqBNDiAtblmrvVTYrCu71ivm776s4HU3oNLI:zMl0BgS0Zo8lyQIBN2At5mrdT071iG7o
Score

8^/10

evasion persistence spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2